apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: gateway-certificate-nonexistent-secret
  namespace: gateway-conformance-infra
spec:
  gatewayClassName: "{GATEWAY_CLASS_NAME}"
  listeners:
    - name: https
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: All
      tls:
        certificateRefs:
          - group: ""
            kind: Secret
            name: nonexistent-certificate
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: gateway-certificate-unsupported-group
  namespace: gateway-conformance-infra
spec:
  gatewayClassName: "{GATEWAY_CLASS_NAME}"
  listeners:
    - name: https
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: All
      tls:
        certificateRefs:
          - group: wrong.group.company.io
            kind: Secret
            name: tls-validity-checks-certificate
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: gateway-certificate-unsupported-kind
  namespace: gateway-conformance-infra
spec:
  gatewayClassName: "{GATEWAY_CLASS_NAME}"
  listeners:
    - name: https
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: All
      tls:
        certificateRefs:
          - group: ""
            kind: WrongKind
            name: tls-validity-checks-certificate
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: gateway-certificate-malformed-secret
  namespace: gateway-conformance-infra
spec:
  gatewayClassName: "{GATEWAY_CLASS_NAME}"
  listeners:
    - name: https
      port: 443
      protocol: HTTPS
      allowedRoutes:
        namespaces:
          from: All
      tls:
        certificateRefs:
          - group: ""
            kind: Secret
            name: malformed-certificate
---
apiVersion: v1
kind: Secret
metadata:
  name: malformed-certificate
  namespace: gateway-conformance-infra
data:
  # this certificate is invalid because contains an invalid pem (base64 of "Hello world"),
  # and the certificate and the key are identical
  tls.crt: SGVsbG8gd29ybGQK
  tls.key: SGVsbG8gd29ybGQK
type: kubernetes.io/tls
